CVE-2022-49526

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> md/bitmap: don&amp;#39;t set sb values if can&amp;#39;t pass sanity check<br /> <br /> If bitmap area contains invalid data, kernel will crash then mdadm<br /> triggers "Segmentation fault".<br /> This is cluster-md speical bug. In non-clustered env, mdadm will<br /> handle broken metadata case. In clustered array, only kernel space<br /> handles bitmap slot info. But even this bug only happened in clustered<br /> env, current sanity check is wrong, the code should be changed.<br /> <br /> How to trigger: (faulty injection)<br /> <br /> dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda<br /> dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb<br /> mdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb<br /> mdadm -Ss<br /> echo aaa &gt; magic.txt<br /> == below modifying slot 2 bitmap data ==<br /> dd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3

Impact